Bank of England Sets up Cyber Crime Unit

The Bank of England (BoE) has stepped up measures to combat cyber crime by introducing new measures to help banks detect and counter hacking.

Andrew Gracie, executive director for resolution, said that the BoE had last month launched a new framework entitled CBEST, which was developed in collaboration with the Council of Registered Ethical Security Testers (Crest). It was now going public with the new framework, which will be voluntary.

CBEST will combine intelligence from government and security companies to assess risks to the financial system. It will then apply bespoke tests to see whether banks’ security systems are vulnerable. Gracie said that unlike current cyber threat systems, the new framework would replicate threats that are already being used by criminals.

“Unlike physical attacks, which are likely to be localised, the impact of a successful cyber attack on the financial system as a whole is potentially more serious from a financial stability point of view,” he told the audience at a meeting on cyber crime organised by the British Bankers’ Association (BBA).

“Low-level attacks are now not isolated events but continuous. Unlike physical attacks that are localised, these attacks are international and know no boundaries.”

In a report ahead of the meeting, the BBA warned of the rising threat of cyber attacks and “an element of lack of awareness and cultural resistance” to co-operation across the sector. At the same time, the BoE’s own systemic risk survey shows that concerns about threats to banks’ operations are at a record high, with cyber attacks the biggest worry.

Sophisticated threats

Commenting on the announcement, Liz Fitzsimons, legal director at law firm Eversheds, said: “Governments, businesses and many others recognise the potential power of the on-line global economy to improve communication and understanding as well as create opportunity, employment and wealth.

“Cyber crime puts this at risk not just in developed economies – which have to date borne the financial brunt of cyber crime – but also in developing nations where the impact may be greater in real terms.

“Individuals, businesses and authorities must unite to raise awareness of the risks and help in eliminating them to prevent the greed of a few from spoiling the benefits of the on-line world for the majority.”

Ian Glover, president of Crest, said: “Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets.

“CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by government and commercial intelligence providers as posing a genuine threat to important financial institutions.”

0 views

Related reading

In today’s digitally connected world, infinite quantities of data are produced by consumers daily at a mind-boggling pace and volume. With under three months left to prepare, here are four areas for businesses to consider, to make sure they are ready for GDPR implementation.

GTNews asks Pugsley about what advice she would give to treasurers dealing with mergers and acquisitions, what the key challenges for her year ahead will be and how she is selecting a treasury management system (TMS).

The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.

The payments landscape for corporates hasn’t gotten much clearer over the last decade, but global multi-banking continues to grow. Twenty-three per cent of corporates reportedly originate payments with 11 or more banks, and more than 24% operate within each of the major world regions.